Scientific Linux Security Update : grep on SL7.x x86_64
Low Nessus Plugin ID 87557
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory.
This update also fixes the following bugs :
- Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class.
Consequently, using regular expressions with '\w' and '\W' could lead to incorrect results. With this update, '\w' is consistently matched to the [_[:alnum:]] character, and '\W' is consistently matched to the [^_[:alnum:]] character.
- Previously, the Perl Compatible Regular Expression (PCRE) matcher (selected by the '-P' parameter in grep) did not work correctly when matching non-UTF-8 text in UTF-8 locales. Consequently, an error message about invalid UTF-8 byte sequence characters was returned. To fix this bug, patches from upstream have been applied to the grep utility. As a result, PCRE now skips non-UTF-8 characters as non-matching text without returning any error message.
SolutionUpdate the affected grep and / or grep-debuginfo packages.